0

I have to implement some code dealing with Microsoft Dynamics CRM 2015 usin PHP language and, since I'm totally new to dynamics CRM and microsoft services, it's pretty tricky for me since there's not a great documentation for non .NET languages.

What I need to do is creating PHP APIs reading and adding rows to Dynamic CRM 2015's "contacts" and "account" tables.

By googling I found out that the main part of the auth part should be done in four main steps (taken from Girish Raja's Blog):

1 - Pass in the device credentials and get a PUID. The device credentials is a randomly generated string that satisfies Live ID schema. You can generate one from this tool: Create CRM 2011 Beta Device
    POST login.live.com/ppsecure/DeviceAddCredential.srf
    Get the PUID from response   

2- Pass the device credentials
    POST login.live.com/liveidSTS.srf
    Get the device CiperData (BinaryDAToken)  

3- Pass the WLID username, password and device BinaryDAToken
    POST login.live.com/liveidSTS.srf
    Get the security tokens (2 CipherValues) & X509SubjectKeyIdentifier 

4- Do CRUD with the web service by passing X509SubjectKeyIdentifier, 2 CipherValues and the SOAP request (with data payload)
    POST yourorganization.api.crm.dynamics.com/XRMServices/2011/Organization.svc
    Get the result from the CRUD response and parse XML to get the data you need

I successfully got through the first point and obtain from DeviceAddCredential.srf a puid, but seems there's no way to afford the second point. I keep getting the "The entered and stored passwords do not match".

I'm actually using Ben Speakman's dynamicsClient class and, since it's a 2011 class, my guess is that maybe there's something wrong with its login procedure (for example I had to fix another issue in the code upgrading CURLOPT_SSLVERSION).

Here's the getBinaryDAToken function that tries to obtain device credentials. What I'm not sure about is the url is using, https://login.live.com/liveidSTS.srf. My guess is that maybe auth services moved from login.live.com and there's a similar service for office 365 products I should call instead of login.live.com.

Some other script around use the login.microsoftonline.com/extSTS.srf but looks an even older URL.

Can you please help me with this auth procedure? Thanx a lot!

private function getBinaryDAToken(){

        $deviceCredentialsSoapTemplate = '
        <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <s:Header>
                <a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>
                <a:MessageID>
                    urn:uuid:'.$this->messageid.'
                </a:MessageID>
                <a:ReplyTo><a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address></a:ReplyTo>
                <VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPoy9Ez+P/wJdOhoN2XNauvYcAAAAAK0Y6fOjvMEqbgs9ivCmFPaZlxcAnCJ1GiX+Rpi09nSYACQAA</VsDebuggerCausalityData>
                <a:To s:mustUnderstand="1">https://login.live.com/liveidSTS.srf</a:To>
                <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                    <u:Timestamp u:Id="_0">
                        <u:Created>'.$this->currentTime.'Z</u:Created>
                        <u:Expires>'.$this->nextDayTime.'Z</u:Expires>
                    </u:Timestamp>
                    <o:UsernameToken u:Id="devicesoftware">
                        <o:Username>'.$this->deviceUserName.'</o:Username>
                        <o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">
                            '.$this->devicePassword.'
                        </o:Password>
                    </o:UsernameToken>
                </o:Security>
            </s:Header>
            <s:Body>
                <t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
                    <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
                        <a:EndpointReference>
                            <a:Address>http://passport.net/tb</a:Address>
                        </a:EndpointReference>
                    </wsp:AppliesTo>
                    <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
                </t:RequestSecurityToken>
            </s:Body>
        </s:Envelope>';

        return $this->doCurl("/liveidSTS.srf" , "login.live.com" , "https://login.live.com/liveidSTS.srf", $deviceCredentialsSoapTemplate);



    }

UPDATE: thanx to Campey new login url is https://login.microsoftonline.com/RST2.srf solved the second step problem

4

1 回答 1

0

CRM Online 已从需要设备凭据的旧身份验证方法 (Windows Live) 发生变化,现在改用 Office 365,这(在我看来)使事情变得更容易,而且速度肯定更快。

我写了一篇关于此的博客:- http://crmtroubleshoot.blogspot.com.au/2013/07/dynamics-crm-2011-php-and-soap-using.html http://crmtroubleshoot.blogspot.com。 au/2013/07/dynamics-crm-2011-php-and-soap-calls.html

Jason Lattimer 最近还写了一个博客,它将提供一个您可以尝试和实施的库,并且可以在内部使用(我的没有) http://jlattimer.blogspot.com.au/2015/02/soap-only-身份验证使用 php.html

于 2015-06-22T21:45:54.157 回答